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Relative monads are a generalisation of ordinary monads where the underlying functor 
need not be an endofunctor. In this paper, we describe a formalisation of the basic 
theory of relative monads in the interactive theorem prover and dependently typed 
programming language Agda. This comprises the requisite basic category theory, the 
central concepts of the theory of relative monads and adjunctions, compared to their 
ordinary counterparts, and two running examples from programming theory. 

1 Introduction 

Relative monads (Altenkirch, Chapman, and Uustalu 2010) are a recent generalisation 
of ordinary monads to cover similar structures where the underlying functor need not 
be an endofunctor. Our interest in this generalisation was triggered by some structures 
from programming theory that, in many ways, are strikingly similar to monads (even 
respecting the same laws), have similar programming applications, but nonetheless fail 
to be monads. Some examples of relative monads include untyped and typed A-terms, 
finite-dimensional vector spaces, Hughes’s arrows. Our research effort on relative monads 
is ongoing. 

In this paper, we describe a formalisation of the basic theory of relative monads in the 
interactive theorem prover and dependently typed programming language Agda (Agda 
team 2010). This formalisation work is motivated by a number of basic observations. 

First of all, by moving from a conventional functional programming language like 
Haskell (The Haskell Team 2010) to a dependently typed language like Agda (Agda 
team 2010), we gain the opportunity to formally certify our programs. Indeed, we are 
able to move from programs to “deliverables”, which contain partial specifications of 
programs as types; and the correctness of the assertions can be automatically verified by 
a type checker. 
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Second, since monads are the most successful pattern in conventional functional pro¬ 
gramming, we should expect that they play a central role in dependently typed functional 
programming. But in fact, with dependent types, we should go beyond monads. Once 
we move to a more fine-grained type system, such as Agda’s, it becomes clear that the 
conventional notion of a monad is unnecessarily restrictive, since it fails to account for 
the monad-like structures we encounter in programming that are not endofunctors. We 
would like to contend that, in a dependently typed setting, it is only natural to go on 
from monads to relative monads, as they are more general, but not more complex. (In 
Haskell, the opportunity does not arise: we can only speak of endofunctors, in fact, only 
endofunctors on the category of Haskell types.) 

Third, we think that the present work is an interesting example of the mutual influence 
of theoretical work and formalisation. Not only does the formal development necessitate 
a review and refinement of structures inherited form mathematics, but the development 
generates demands on the language and system used—here Agda. In fact, in the case 
of our study of relative monads, we worked on the formalisation in parallel with the 
theoretical work and indeed both influenced each other. 

The third point is reflected in our approach to extensionality. Agda’s propositional 
equality is proof irrelevant but not extensional with respect to functions. We use both 
properties of propositional equality in our formalisation. We prove proof irrelevance and 
assume extensionality of functions. At first, it sounds somewhat drastic to just assume 
extensionality: Is it not dangerous? Why do we not just assume absurdity and have done 
with it? However, it has been shown by Hofmann (Hofmann 1995) that extensional¬ 
ity is a conservative extension of intensional type theory. Altenkirch et al. (Altenkirch, 
McBride and Swierstra 2007) have shown that it possible to introduce a type theory 
with an extensional propositional equality without giving up decidable type checking 
and other computational properties of the system. Another deficiency of Agda’s propo¬ 
sitional equality is that it does not support quotients, but we have no need for them in 
this formalisation. 

Previous formalisations of category theory in type theory and higher-order logic include 
(Dyckhoff 1985; Altucher and Panangaden 1990; Dybjer and Gaspes 1994; Huet and Sai'bi 
1998; Carvalho 1998; Wilander 2005; Coquand and Spiwack 2007; Sozeau 2010; O’Keefe 
2004; Dawson 2007). The formalisations in intensional type theory have used setoids 
(i.e., sets with an equivalence relation) to model the homsets of a category while being 
content with a set for the collection of objects. Our experience is that using setoids quickly 
becomes unwieldy and introduces an unacceptable overhead to the formal development. 
Moreover, it is not clear what should be a set and what should be a setoid. E.g., in the 
case of a category, one could argue that both objects and homsets should be setoids to 
give a direct account of constructions such as the arrow category. These choices would 
then lead to many related but different implementations of the same concept, which is 
clearly unacceptable and also unfeasible. 

Our intention in this work is not to develop a category theory library for Agda and 
we do not argue that the approach taken here is the only way or the best way to do 
this. Instead, this development has been carried out as part of our research on relative 
monads not as an after-the-fact verification, but as a day-to-day tool for prototyping and 
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sanity checking. However, this development is intended to be a substantial experiment in 
formalising category theory in Agda for the purposes of finding out whether our approach 
and the type theory and implementation of Agda are fit for purpose. We will address 
these points in the conclusion. 

We have carried out our formalisation in the development version of Agda (= version 
2.2.7; the latest release version is 2.2.6). This is because of certain vital performance 
improvements in the handling of records in the new version. We have striven to make 
the development as self-contained as possible, not relying on libraries, for stability in this 
situation. The formalisation comes in two versions. The version described in the paper 
is without a universe hierarchy (uses —type-in-type) to simplify the presentation. 
But we also offer a stratified version relying on —universe-polymorphism, which is 
more bureaucratic, but might give more confidence. As already mentioned above, we 
make extensive use of proof-irrelevance of propositional equations (provable in Agda) and 
extensionality of functions (assumed). Both developments are available online (Chapman 
2010). 

Apart from some necessary basics of categories, the formalisation covers essentially 
Sections 2.1, 2.2 and 2.3 of (Altenkirch, Chapman, and Uustalu 2010) on relative monads, 
relative adjunctions, Kleisli and Eilenberg-Moore adjunctions, with a special focus on 
two examples: well-scoped untyped A-terms and typed A-terms. We are in the process of 
formalizing the later sections on relative monads as monoids in suitable functor categories 
and the examples of finite-dimensional vector spaces and Hughes’s arrows. Progress in 
some of these directions depends on further improvements to Agda. 

The paper is organised as follows. In Section 2, we introduce our approach using the 
example of monoids. As we discuss this example, we introduce Agda’s syntax and develop 
the required utilities for our formalisation. In Section 3, we introduce the background 
category theory that we need in order to discuss relative monads: categories, functors, 
natural transformations, and functor categories. Next, we introduce relative monads and 
several examples (well-scoped and well-typed A-terms) in Section 4. When we introduce 
relative versions of structures, we always relate them to their ordinary counterparts. In 
Section 5, we introduce relative adjunctions, describe how they can be composed to form 
relative monads, and how relative monads can be split into relative adjunctions. We also 
develop the examples further. 

The paper assumes no knowledge of category theory or monads and adjunctions, in 
the sense that we define everything as we go. But familiarity with these topics will help 
the reader appreciate what we do. 

2 Monoids 

Basic algebraic structures can be defined as follows: first we define some data (e.g., a set 
and some operations on it), which provides the basic structure; and second we define some 
laws, which govern how the data (e.g., an operation) behaves. An example of something 
which fits this pattern is a monoid. A monoid is given by the following data: a set; a 
distinguished element; and a binary operation on the set. 
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These data are subject to the following laws: 

Left unit law 

e • to = to where m £ S 

Right unit law 

to • e = to where m £ S 

Associativity 

(to • n) ■ o = to • (n • 6) where m,n,n £ S 

In Agda (Agda team 2010), we can use a dependent record to represent a monoid quite 
naturally. Both the data and the laws are contained in the record as a sequence of fields. 
The laws are represented as propositional equations. The data is explicitly represented 
as a sequence of fields in a record which is itself a Set (Agda’s notation for a type). Each 
field has an explicit type which can refer to the fields that came before (Eg. e’s type is 
the preceding field S). The three equational laws are represented as fields in the same 
record: 

record Monoid : Set where 
field S : Set 

e : S 

: S -> S -> S 

lid : {m : S> —> e • m = m 

rid : {m : S> —> m • £ = m 

ass : {m n o : S} —> (m • n) • o = m • (n • o) 

Let us look more closely at the Agda syntax introduced in this definition: first, we begin 
the definition with record then the name of the record (Monoid in this case); next, we 
could give some parameters, but none are necessary here; finally, we say that this has 
type Set and end the line with where. The fields of the record are preceded by the 
field keyword. Next, we name three fields and give their types. Agda support Unicode 
characters, so e is a perfectly good identifier. Infix operators (like _•_) are named with 
underscores, indicating where the arguments go, and is the non-dependent function 
space, indicating that, in the case of that it takes two elements of S and always returns 
an element of S. Next we give the laws. They are fields, so they must have names and 
their types are the equations which they enforce. Universal quantification (or II-type, 
they are the same in Agda) is written as (a : A) —* B. In this definition we use implicit 
universal quantification {a : A} —» B, as these arguments can often be inferred. This is 
just a notational convenience: we are free to leave explicit arguments implicit (by giving 
them as an underscore _) or give implicit arguments explicitly (by enclosing them in 
curly braces {n}). 

Compare this type of definition with Haskell, where we can define the operations of a 
monoid and define an instance of a monoid (e.g. natural numbers, zero and addition), but 
we cannot show inside the system that this instance would obey the laws of a monoid. 
In Agda, we can do both: we can write programs that make use of algebraic structure 
and we can reason about them, and in the process make extra guarantees that the we 
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really have the structures that we say we do. In fact, we go further than just allowing 
such guarantees to be state; we insist that they are met. A monoid carries with it the 
guarantee that the the monoid laws are satisfied. If it does not satisfy the laws, we cannot 
give it the type of monoid. 

Our intention is not to encode monoids in type theory, but to explain what a monoid is 
in type theory, and then from this point on, use the language of type theory, as opposed to 
informal mathematical notation, to discuss monoids and other structures. Having given 
the example of monoids in both informal notation and formally in type theory, we will 
now only give formal definitions. If type theory is to be a language of mathematics, then 
one should be able to use it as a language of mathematical explanations. It is our opinion 
that Haskell is already quite effective as a language for explaining programming ideas, 
on a computer, or on a whiteboard, or the back of an envelope. It is our hope that type 
theory (as it is in Agda and related languages) can be a language for explaining not just 
programming ideas but also mathematical ideas. 

Before moving on to consider the categorical machinery we will need later, we will 
first show, by way of an example, that natural numbers with zero and addition form a 
monoid. 

First, we give the inductive definition of natural numbers in Agda. We define a inductive 
datatype with two constructors: z for zero; and s for successor which takes a natural 
number and returns another natural number, 
data Nat : Set where 
z : Nat 
s : Nat —» Nat 

Any natural number can be seen to have either z or s as its outermost constructor. For 
this reason when writing functions that consume natural numbers we need only consider 
the canonical cases of z or s n. 

We define addition as an infix operator _+_ by recursion on the first argument. In 
Agda, we do not need to indicate that we are doing recursion on the first argument in 
our definition, instead Agda’s termination checker checks that our recursion is valid after 
the fact. It is valid in this case, as our recursive call takes a structurally smaller first 
argument. Indeed, we use only structural recursion in this paper. 

_+_ : Nat —> Nat —> Nat 

z + n = n 

sm + n= s (m + n) 

Next, we can show that Nat, z and _+_ form a monoid: 

Nat+Mon : Monoid 

Nat+Mon = recordfS = Nat; 

£ = z; 

lid = refl; 
rid = ?; 
ass = ?} 
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We have defined a new record Nat+Mon with type Monoid and begun to fill in the fields. 
The data is as follows: the underlying set is Nat; the unit element is z; and the binary 
operation is given by Next we must give proofs of the laws, specialised to this monoid. 
The left unit law is trivial; its type is z + m = m. This holds up to definitional equality 
(=). It is just the first line of the definition of _+_. Hence, it automatically computes to 
m = m and can be proved by reflexivity. The other two laws, whose types are m + z = m 
and (m + n) + o = m + (n + o) respectively, do not compute any further and require 
more elaborate proofs. In Agda, unfinished parts of a definition are denoted by a question 
mark ?. It should be noted that the formalisation contains no unfinished parts. In this 
paper we will give some incomplete definitions and fill them in later (as we do here) 
and also leave some definitions incomplete. In the latter case we will give a sketch of the 
missing term but omit its precise form due to reasons of space and/or readibility. 

Before proving these as lemmas and filling in the two question marks, we take the 
opportunity to examine propositional equality and a useful general lemma. In this paper, 
we rely on the following definition of propositional equality: 
data _=_ {A : Set} : {A’ : Set} —> A —> A’ —> Set where 

ref1 : {a : A} —> a = a 

This is a heterogeneous version of Martin-Lof’s identity type (known as John Major 
equality). It allows us to state an equality between elements of different types. However, 
its only canonical inhabitant is reflexivity, where both the types and the terms on the 
either side of the equation are identical. 

The useful lemma, which we will use very soon, states that functions take equal argu¬ 
ments to equal results (they respect equality): 
resp : V{A}{B : A —> Set}(f : V a —> B a){a a’ : A} —> 
a = a’ —» f a = f a’ 
resp f p = ? 

Using the notation V, we can introduce an universally quantified variable, but leave its 
type to be inferred. In this case, the type of A must be Set, as it is the domain of B, 
and the type of a must be A, as it is applied to B. The type of the question mark is 
f a = f a ’. To carry out the proof, we pattern-match on p, which is a proof of the 
equation a = a 1 . The only inhabitant of an equation is refl, and hence a and a’ must 
be identical. By performing this pattern match, a and a’ get unified in the context and 
the goal (the type of the question mark) is simplified to f a = f a, which is inhabited 
by refl as well. The finished proof is just: 
resp f refl = refl 

In a situation where the same function is on the outside on both sides of an equation we 
are trying to prove, we can use resp to ‘peel off’ the function and reduce our problem 
to proving what is underneath. 

Having stated and proved this lemma, we can now prove the right unit law for the 
NatMonoid+ monoid: {n : Nat} —> n + z = n. The proof proceeds by induction (in¬ 
duction and recursion are the same in Agda) on the implicit argument n, which we 
provide explicitly here, so we can pattern-match on it. In the zero case, it is given by 
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ref 1 of type z = z. In the successor case, the goal computes to s (n + z) = s n. We 

use resp to peel off the function s and then apply our inductive hypothesis rid+ {n>. 

rid+ : -fn : Nat} —> n + z = n 

rid+ {z} = refl 

rid+ {s n} = resp s (rid+ -fn}) 

We can prove the associativity condition in a similar way. Here we need only refer to the 
first implicit argument explicitly: 

ass+ : -fm n o : Nat} —» (m + n) + o = m + (n + o) 

ass+ {z} = refl 

ass+ {s m} = resp s (ass+ -fm}) 

Having proved these two lemmas, we can finish Nat+Mon: 

Nat+Mon : Monoid 

Nat+Mon = recordfS = Nat; 

e = z; 

lid = refl; 

rid = rid+; 

ass = ass+} 

3 Basic category theory 

In this section, we develop some basic category theory that we will make use of later. 
A category is an algebraic structure like any other. We define it as before: we introduce 
some data, a set of objects, a set of morphisms between two objects, for any object, an 
identity morphism and, for any two morphisms between appropriate objects, a composi¬ 
tion morphism. Then we give some equations which govern how this structure behaves: 
identity is left and right unit of composition, and composition is associative. These condi¬ 
tions are often represented pictorially as categorical diagrams. Categorical diagrams are 
a very nice representation of equations. In Agda, we just represent the equations directly 
using propositional equality, 
record Cat : Set where 
field Obj : Set 

Horn : Obj —> Obj —> Set 
iden : V{X} -> Horn X X 

comp : V{X Y Z} -t Horn Y Z -t Horn X Y —> Horn X Z 

idl : V{X Y}{f : Horn X Y} -t comp iden f £* f 

idr : V{X Y}{f : Horn X Y} —> comp f iden = f 

ass : V{W X Y Z}{f : Horn Y ZHg : Horn X Y}{h : Horn MX}-* 

comp (comp f g) h = comp f (comp g h) 

A simple example of a category is the category of small sets. The objects are sets and 
the morphisms are simple functions between them. The identity is given by the identity 
function and the composition is given by function composition. The laws hold definition- 
ally. 
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Sets : Cat 

Sets = record-fObj = Set; 

Horn = AXY—>X—>Y; 
iden = id; 

comp = A f g -t f • g; 
idl = ref1; 
idr = refl; 
ass = refl} 

Another simple example is given any category C, we can form the category C op by 
turning round all the arrows. In Agda, we define this as a postfix operator _0p. The 
category C Op has the same objects as C. The morphisms from X to Y in C Op are the 
morphisms from Y to X in C. The identity in C Op is given by the identity of C and the 
composition in C Op is given by reversing the order of the composition of C. The left unit 
law follows from right identity of C, and the right unit from the left identity of C. The 
associativity follows from the associativity of C after applying symmetry. 

_0p : Cat —> Cat 
C Op = record-fObj = Obj C; 

Horn = A X Y -t Horn C Y X; 

iden = iden C; 

comp = A f g —> comp C g f; 

idl = idr C; 

idr = idl C; 

ass = sym (ass C)} 

For the first time in the definition of _0p, we are referring to the fields of one record in 
the definition of another and how this works warrants further explanation. The type of 
the Obj field is Set, so we must give a set on the right of the = sign. But Obj appears 
again on the right and this time takes an argument C. When we define a record (e.g., 
Cat) Agda defines projections functions with the same names as the field names (e.g., 
Cat.Obj). The projections are functions from the record type to the field type (e.g., 
Cat.Obj : Cat —> Set). We can open the name space of the record (e.g., open Cat) 
to bring the projections into scope and avoid having to give the name of the record as 
part of the projection name. We do this after every record and hence we can refer to 
the projections directly (e.g., Obj). Hence in the line Obj = Obj C;, the Obj on the left 
is the field name of C Op and the Obj on the right is the projection function from the 
record Cat. The remainder of the definition proceeds as described above. 

Next we define functors. This time the record Fun is parametrised by the categories (C 
and D) at the domain and codomain of the functor. The record has fields for the object map 
and the morphism map. It also has fields for the two functor laws which guarantee that 
the morphism map does the right thing with the identity and composition morphisms, 
i.e., that identity in C is mapped to identity in D and that composition in C is mapped 
to composition in D. By including these laws in the definition of a functor, we guarantee 
that anything that has the right to call itself a functor respects the functor laws, 
record Fun (C D : Cat) : Set where 
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field OMap : Obj C > Obj D 

HMap : V{X Y} —> Horn C X Y -t Horn D (OMap X) (OMap Y) 
fid : V{X} HMap (iden C {X}) & idea D {OMap X> 

fcomp : V{X Y Z}{f : Horn C Y Z>{g : Horn C X Y} -t 

HMap (comp C f g) = comp D (HMap f) (HMap g) 

Having defined functors (morphisms between categories), we can define natural transfor¬ 
mations (morphisms between functors): 
record NatT {C D}(F G : Fun C D) : Set where 

field cmp : V {X> —► Horn D (OMap F X) (OMap G X) 

nat : V{X Y}{f : Horn C X Y} -t 

comp D (HMap G f) cmp = comp D cmp (HMap F f) 

The natural transformation is made up of its components, given by a function which for 
any object X in C (taken implicitly) gives us a morphism from OMap F X to OMap G X, 
and a naturality condition, which states that, given any morphism f in C, we can go along 
the morphism and then the component or we can go along the component first and then 
the morphism. 

Given definitions of categories, functors and natural transformations we might aspire 
to defining a functor category where the objects are functors and the morphisms are 
natural transformations. Let us start to realise this aspiration: 

FunctorCat : Cat —> Cat —> Cat 
FunctorCat C D = record{0bj = Fun C D; 

Horn = NatT; 
id = ?; 

idl = ?; 
idr = ?; 

The morphisms in this category are natural transformations, so we need to define the 
identity natural transformation and composition of natural transformations. The identity 
natural transformation is from a functor F to itself. The component at X in C must be a 
morphism in D from OMap F X to itself. This is just the identity morphism in D on the 
object OMap F X. The naturality condition computes to comp D (HMap F f) (iden D) 
= comp D (iden D) (HMap F f). which follows from the left and right unit laws (lid 
and rid) in D. 

idNat : V{C D}{F : Fun CD}-* NatT F F 
idNat {C}{D}{F} = recordfcmp = iden D; 

nat = X{X}{Y}{f} —> trans (idr D) (sym (idl D))} 
Composition proceeds analogously. Just like the components of the identity natural trans¬ 
formation are given by identity in D, the components of composition are given by compo¬ 
sition in D, specifically, composition of the components of the natural transformation a 
and (3. We omit the proof term of the naturality condition and leave it as ?. The omitted 
proof follows from the associativity law for D and the naturality of a and (3. 
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compNat : V{C D}{F G H : Fun C D> -t NatT G H -t NatT F G -t NatT F H 
compNat {CHD} a (3 = record {cmp = comp D (cmp a) (cmp p) ; nat = ?} 

To have a category, we must prove the that idNat is left and right unit of compNat and 
compNat is associative. Let us look at left unit law first: 

idlNat : V{C D}{F G : Fun C D}{a : NatT F G} -t compNat idNat a = a 
idlNat = ? 

To prove idlNat we must prove that the natural transformations compNat idNat a and 
a are (propositionally) equal. Natural transformations are records, and to prove that two 
records are equal we must prove that their fields are equal. In this case this means we 
must prove that the components are equal and also the the proofs(!) of naturality are 
equal. Worry not, help is at hand in the form of proof irrelevance: 
ir : {A A’ : SetHa : A}{a’ : A’Hp q : a = a’} —> p = q 
ir {p = refl}{q = refl} = refl 

In Agda, all proofs of a particular propositional equation are equal. The canonical inhab¬ 
itant of a propositional equations is refl. When writing a program or proving a theorem 
by pattern matching, we need only consider canonical representatives of the arguments, 
and refl equals refl by (surprise, surprise) refl. So, we can just use proof irrelevance 
to avoid proving that the naturality proofs are equal right? Well, no. The problem is that 
the types of the two proofs (the equations of which they are proofs) are different. The 
naturality condition for compNat (idNat G) a is 
comp D (HMap G f) (comp D (iden D) (cmp a)) = 
comp D (comp D (iden D) (cmp a)) (HMap F f) 
and for a it is 

comp D (HMap G f) (cmp a) = comp D (cmp a) (HMap F f) 

These equations are different, but their respective left and right hand sides are provably 
equal. We just need to plug in the proofs that the components are equal in the right 
place. We define a lemma f ixtypes to deal with this common situation where we have 
two equality proofs between provably equal equations. Once we have ensured that the 
equations (or rather their types) are equal, we can apply proof irrelevance to show that 
their proofs are equal. 

fixtypes : V{A A’}{a a’ : A}{a’’ a’’’ : A’} 

-Cp : a S a’Hq : a’ ’ = a’”} 
a = a’ ’ —► a’ = a’ ’ ’ —► p = q 
fixtypes refl refl = ir 

Given this principle, we are now in a position to prove that the naturality conditions are 
equal, or we would be, were it not for the fact that the naturality conditions are actually 
functions: they hold for any X, Y and f. Here Agda’s notion of propositional equality lets 
us down. We really need extensionality: we would like functions to be equal, if they do 
the same thing on all possible arguments. We postulate this principle as follows: 
postulate ext : {A : SetHB B’ : A —> Set} 

{f : V a —> B a}{g : V a —* B’a} —> 
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(V a —> f a = g a) —> f = g 

We could now prove the left identity law above by proving only that the components 
are equal and dispensing with the naturality conditions, using the facilities we just in¬ 
troduced. However, we can do better than this, we can prove once-and-for-all that two 
natural transformations are equal, if their components are equal. We can prove that the 
naturality conditions are equal, by plugging in the proof that components are equal using 
extensionality and by invoking proof irrelevance via f ixtypes. We omit the proof term. 
NatTEq : {C D : CatHF G : Fun C D}{« (1 : NatT F G} -> 
cmp a = cmp (3 —> a = (3 
NatTEq p = ? 

This turns out to be a common pattern in our formalisation: whenever we need to prove 
that two records are equal and the records are made up of some fields giving some data 
and some laws that govern it, we need only prove equality of the data. 

Having defined NatTEq, we can use it to reduce the problem of proving the three 
lemmas to proving that the components are equal. 

idlNat : V{C D}{F G : Fun C D}{a : NatT F G} -t compNat idNat a = a 

idrNat : V{C D}{F G : Fun C D}{a : NatT F G} —> compNat a idNat S a 

assNat : V{C D}{E F G H : Fun C D> 

{a : NatT G H}{(3 : NatT F G}{q : NatT E F} —> 

compNat (compNat a (3) q = compNat a (compNat (3 q) 

Their components are equal by the left and right identity, and associativity laws of the 
category D respectively (and extensionality). 

Having proved these three lemmas, we can now complete our definition of a functor 
category: 

FunctorCat : Cat —> Cat —> Cat 
FunctorCat C D = record{0bj = Fun C D; 

Horn = NatT; 
id = idNat; 
comp = compNat; 
idl = idlNat; 
idr = idrNat; 
ass = assNat} 

4 Monads and relative monads 

Relative monads are a generalisation of monads, from endofunctors, to functors that 
may go between different categories. We define ordinary monads first before introducing 
relative monads. In Manes’ style, a monad on a category C consists of three pieces of 
data: a map T from objects of C to objects of C; an operation q that, for any object X of 
C, gives a morphism in C from X to T X; and an operation on morphisms of C called bind 
that (for any objects X and Y) lifts morphisms from X to T Y to a morphism from T X to 
T Y. 

record Monad (C : Cat) : Set where 
field T : Obj C —► Obj C 
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n : V {X} —► Horn C X (T X) 

bind : V{X Y} -> Horn C X (T Y) -> Horn C (T X) (T Y) 

lawl : V{X> -> bind (q {X}) “ iden C {T X> 

law2 : V{X Y}{f : Horn C X (T Y)} -* comp C (bind f) q “ f 

law3 : V{X Y Z}{f : Horn C X (T Y)Hg : Horn C Y (T Z)> -»■ 

bind (comp C (bind g) f) = comp C (bind g) (bind f) 

A simple example of a monad is the so-called maybe monad: 
data Maybe (A : Set) : Set where 
Just : A —> Maybe A 
Nothing : Maybe A 

Note first that this is not yet a monad; it is just a set. Maybe gives a canonical way to 
add a distinguished element to a set A. This element is usually used to denote failure of a 
function that would otherwise return an element of A. We define a function mbind which 
lifts an unreliable function on reliable input to an unreliable function on unreliable input: 
mbind : {X Y : Set} -4 (X -> Maybe Y) -> Maybe X -> Maybe Y 
mbind f (Just x) = f x 
mbind f Nothing = Nothing 

Next we prove two properties about mbind: that giving it Just as an argument (quite a 

reliable unreliable function) is the same as the identity function; 

mlawl : V{A}(a : Maybe A) —* mbind Just a = id a 

mlawl (Just a) = refl 

mlawl Nothing = refl 

and that, given two appropriate functions, composing their lifted versions, or lifting one, 
composing, and then lifting the result gives the same outcome: 
mlaw3 : V{A B C}{f : A —> Maybe B}{g : B —> Maybe C}(a : Maybe A) —> 
mbind (mbind g • f) a = (mbind g • mbind f) a 
mlaw3 (Just a) = refl 

mlaw3 Nothing = refl 

Having defined the Maybe type, mbind, and proved the two properties, we have all we 
need to define the Maybe monad on the category Sets. We use extensionality and mlawl 
and mlaw3 to prove the first and third monad laws, the second one holds definitionally. 
MaybeMonad : Monad Sets 

MaybeMonad = recordfT = Maybe; 

q = Just; 

bind = mbind; 

lawl = ext mlawl; 

law2 = refl; 

law3 = ext mlaw3} 

The definition of the relative monad is quite similar to that of the ordinary monad: 
record RMonad {C D : Cat}(J : Fun C D) : Set where 
field T : Obj C —► Obj D 
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p : V{X> -> Horn D (OMap J X) (T X) 

bind : V{X Y} -> Horn D (OMap J X) (T Y) -► Horn D (T X) (T Y) 

lawl : V{X> -> bind (p {X}) ^ iden D {T X> 

law2 : V{X Y}{f : Horn D (OMap J X) (T Y)} -* 

comp D (bind f) p = f 
law3 : V{X Y Z> 

{f : Horn D (OMap J X) (T Y)Hg : Horn D (OMap J Y) (T Z)> -* 

bind (comp D (bind g) f) = comp D (bind g) (bind f) 

The record RMonad takes the source and target categories C and D as implicit arguments 
and a functor J between them as an explicit argument. The idea is that functor J is 
some kind of embedding-like thing which repairs the mismatch in the categories in the 
remainder of the definition. T is a mapping from objects of C to objects of D, so p’s type 
must be adjusted from the previous definition: for any object X in C, p gives a morphism 
in D from OMap J X to T X. bind must also be adjusted: this time, it takes as input maps 

in D from OMap J X to T X. The three laws remain the same, but their types are adjusted 

by replacing C with D and inserting OMap J where necessary. 

A monad is a special case of a relative monad where the functor J is just the identity 
functor: 

IdF : V C —► Fun C C 

IdF C = record-fOMap = id; HMap = id; fid = refl; fcomp = refl} 

To define the special case there is nothing to prove we just plug in the contents of the 
fields of the monad into the fields of the relative monad: 

specialM : {C : Cat} -» Monad C -> RMonad (IdF C) 
specialM {C} M = recordfT = T M; 

p = p M; 
bind = bind M; 
lawl = lawl M; 
law2 = law2 M; 
law3 = law3 M} 

Given a monad on some category D, we can restrict it to a relative monad by post- 
composing T with any functor J into D. 

restrictM : {C D : Cat}(J : Fun C D) -t Monad D —> RMonad J 
restrictM J M = recordfT = T M • OMap J; 

p = p M; 
bind = bind M; 
lawl = lawl M; 
law2 = law2 M; 
law3 = law3 M} 

Under favourable conditions, restriction is the right adjoint of an interesting adjunction. 
Its left adjoint is investigated in Section 4 of (Altenkirch, Chapman, and Uustalu 2010). 
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^.1 Well-scoped X-terms 

So, our first example of a relative monad is just an ordinary non-relative one. A more 
informative example is the well-scoped A-terms. They are well-scoped because their type 
Tm is indexed by the number of variables in scope and ensures that they cannot refer to 
any others. We will show that Tm is the object map T of a relative monad on where J is 
functor whose object map is given by Fin: 
data Fin : Nat —> Set where 
fz : V{n> —* Fin (s n) 
fs : V{n> —> Fin n —> Fin (s n) 

Variables are de Bruijn indices and represented as elements of finite sets. The finite set 
Fin 0 is empty, the finite set Fin 1 contains one element f z, the finite set Fin 2 contains 
two elements fz and fs fz, etc. 
data Tm : Nat —> Set where 
var : V{n} —» Fin n —> Tm n 

lam : V{n} —> Tm (s n) —> Tm n 

app : V{n} —» Tm n —* Tm n —» Tm n 

Looking at the definition of the type Tm, we see that the var constructor embeds elements 
of Fin n (variables from a n-element scope) into the set Tm n (terms over this scope). 
The lam constructor is a scope-safe A-abstraction. It takes a body over s n variables 
and gives back a term over n variables (the bound variable has been abstracted by the 
A). The app constructor is for scope-safe application of a function over n variables to an 
argument over n variables. If the function and argument are over different numbers of 
variables we cannot even form the term corresponding to their application. 

To show that the well-scoped terms form a relative monad, we must first fix J and the 
categories between which it operates. The object map of J should be Fin, hence the sets of 
objects of the source and target categories should be Nat and Set. We define a category 
Nats whose objects are natural numbers, to be understood as possible context sizes. 
The morphisms are functions from Fin m —> Fin n. These morphisms can be thought 
of as renamings from m variables to n variables. Identity and composition are given by 
the identity function and composition of functions respectively. As is the case for the 
category of sets (where the morphisms are also functions), the laws hold definitionally. 
Nats : Cat 

Nats = record{0bj = Nat; 

Horn = X m n —> Fin m —> Fin n; 
iden = id; 

comp = Afg—> f • g; 
idl = ref1; 
idr = refl; 
ass = refl} 

The target of the functor J is the category of sets Sets defined earlier. We now give the 
definition for the functor J. On objects, it is Fin and, on maps, it is the identity function. 
The laws hold trivially due to the trivial operation on maps: 
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FinF : Fun Nats Sets 
FinF = record{OMap = Fin; 

HMap = id; 
fid = ref1; 
fcomp = refl> 

We can now begin to show that we have a relative monad on FinF: 

TmRMonad : RMonad FinF 

TmRMonad = record-fT = Tm; T| = var; bind = ?; lawl = ?; Iaw2 = ?; Iaw3 = ?} 

We fix the object map T to be Tm which gives p the type {n : Nat} —► Fin n —> Tm n. 
It is just the constructor var. The type of bind is more interesting: {m n : Nat} —> 
(Fin m —> Tm n) ->Tmm^ Tm n. A function from Fin m —*■ Tm n is a substitution; 
for every variable in Fin m it gives a term over n variables, var is the identity substitution: 
it replaces a variable with itself (seen as term), bind performs a substitution; it applies 
a substitution from m variables to terms over n variables to a term over m variables to 
give a term over n variables. Put another way it lifts a substitution which is an operation 
on variables to an operation on terms. There are several ways to proceed from here to 
define substitution. We chose to first define renaming (we already have a category of 
renamings) and use it to define substitution. This approach has a clear mathematicaly 
structure, a simple termination argument (all our definitions are structurally recursive), 
and makes the proofs of the monad laws relatively straightforward. 

First, we define some type synonyms for renamings, the identity renaming, and com¬ 
position of renaming. This makes the types that follow easier to read. 

Ren : Nat —> Nat —> Set 
Ren m n = Fin m —> Fin n 

renld : V{n} —» Ren n n 
renld = id 

renComp : V{m n o} —> Ren n o —> Ren m n —> Ren m o 
renComp f g = f • g 

Next, we define the action of renaming ren which applies a renaming to a term, or, put 
another way, takes a renaming from m to n and lifts it to a function from terms over m 
variables to terms over n variables. We define it by recursion on the term. In the variable 
case, we peel off the var constructor, apply the renaming, and replace the var. In the 
application case, we can just push the renaming down to the subterms. In the case of 
A-abstraction, we weaken the renaming using wk (defined below) and then apply it to the 
body. 

ren : V{m n} —*■ Ren m n —> Tm m —> Tm n 

ren f (var i) = var (f i) 

ren f (app t u) = app (ren ft) (ren f u) 

ren f (lam t) = lam (ren (wk f) t) 
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To push renaming under a binder, we need a helper function wk which weakens a re¬ 
naming: the variable fz is passed straight through and the others are mapped to the 
successor (the weakening of variables) of their original values: 
wk : V{m n} —> Ren m n —> Ren (s m) (s n) 
wk f fz = fz 
wk f (fs i) = fs (f i) 

Next, we prove that wk maps the identity renaming to itself and ren maps the identity 
renaming to the identity function: 

wkid : V{n}(i : Fin (s n)) —> wk renld i = renld i 
wkid fz = refl 
wkid (fs i) = refl 

renid : V{n}(t : Tm n) —> ren renld t = id t 
renid (var i) = refl 

renid (app t u) = resp2 app (renid t) (renid u) 

renid (lam t) = resp lam (trans (resp (X f —> ren f t) (ext wkid)) 

(renid t)) 

Notice that, in the proof renid, we need the proof wkid, as, in the program ren, we 
needed the program wk. 

Next, we prove the wk takes composition of renamings to composition of renamings 
and ren takes composition of renamings to composition of functions. Notice again that 
the lam cases require the corresponding properties for wk. 
wkcomp : V{m n o}(f : Ren n o)(g : Ren m n)(i : Fin (s m)) —> 

wk (renComp f g) i = renComp (wk f) (wk g) i 

wkcomp f g fz = refl 

wkcomp f g (fs i) = refl 

rencomp : V{m n o}(f : Ren n o)(g : Ren m n)(t : Tm m) —* 
ren (renComp f g) t = (ren f • ren g) t 
rencomp f g (var i) = refl 

rencomp f g (app t u) = resp2 app (rencomp f g t) (rencomp f g u) 

rencomp f g (lam t) 

resp lam (trans (resp (X f —> ren f t) (ext (wkcomp f g))) 

(rencomp (wk f) (wk g) t)) 

These properties indicate that wk and ren are morphism maps of two functors, wk is 
a morphism map for the object endomap s on the category of renamings and ren the 
morphism map for the object map Tm from the category of renamings to the category of 
sets. We stop short of defining these functors explicitly; we define only what we will need 
later. 

Having dealt with renaming, we can now move on to substitution. We define a type 
synonym for substitution, as we did for renaming, but defer the definition of identity and 
substitution until later: 
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Sub : Nat —> Nat —> Set 
Sub m n = Fin m —> Tm n 

The first operation we define is analogous to wk; we must be able to weaken a substitution 

to push it under a A-abstraction. As before, the variable fz is passed straight through. 

In the other case we apply the substitution and weaken the resultant term. Notice that 

f s weakens a variable and ren f s weakens a term. 

lift : V{m n> —> Sub m n —> Sub (s m) (s n) 

lift f fz = var fz 

lift f (fs i) = ren fs (f i) 

Having defined lift, we can define the action of substitutions on terms. In the variable 
case, we apply the substitution; in the application case, we pass it to the subterms; in 
the A case we weaken it and pass it to the body, 
sub : V-fm n} —* Sub m n —> Tm m —> Tm n 

sub f (var i) = f i 

sub f (app t u) = app (sub f t) (sub f u) 

sub f (lam t) = lam (sub (lift f) t) 

The identity substitution is just var. When applied, it removes the var constructor and 
then reapplies it again: 
subld : V{n} —* Sub n n 
subld = var 

To compose substitutions, we must lift the first one f to a function from terms to terms 
sub f. Then we can compose: 

subComp : V{m n o} —> Sub n o —> Sub m n —> Sub m o 
subComp f g = sub f • g 

As we did for renamings we prove that lift takes the identity substitution to itself and 

that sub take the identity substitution to the identity function on terms: 

liftid : V{n}(i : Fin (s n)) —* lift subld i = subld i 

liftid fz = ref1 

liftid (fs i) = ref1 

subid : V{n}(t : Tm n) —> sub subld t = id t 
subid (var i) = refl 

subid (app t u) = resp2 app (subid t) (subid u) 

subid (lam t) = resp lam (trans (resp (X f —» sub f t) (ext liftid)) 

(subid t)) 

To prove the required properties of lift and sub for composition, we need some extra 
lemmas. We have defined ren using wk, lift using ren and sub using lift. Hence, we 
need some lemmas regarding how they interact: 

liftwk : V{m n o}(f : Sub n o)(g : Ren m n)(i : Fin (s m)) —* 

(lift f • wk g) i = lift (f • g) i 
liftwk f g fz = refl 



T. Altenkirch, J. Chapman and T. Uustalu 


18 


liftwk f g (fs i) = refl 

subren : V{m n o}(f : Sub n o)(g : Ren m n)(t : Tm m) —> 

(sub f • ren g) t = sub (f • g) t 
subren f g (var i) = refl 

subren f g (app t u) = resp2 app (subren f g t) (subren f g u) 

subren f g (lam t) 

resp lam (trans (subren (lift f) (wk g) t) 

(resp (X f —> sub f t) (ext (liftwk f g)))) 

renwklift : V{m n o}(f : Ren n o)(g : Sub m n)(i : Fin (s m)) —> 

(ren (wk f) • lift g) i = lift (ren f • g) i 

renwklift f g fz = refl 

renwklift f g (fs i) = trans (sym (rencomp (g i) (wk f) fs)) 

(rencomp (g i) fs f) 

rensub : V{m n o}(f : Ren n o)(g : Sub m n)(t : Tm m) —> 

(ren f • sub g) t = sub (ren f • g) t 
rensub f g (var i) = refl 

rensub f g (app t u) = resp2 app (rensub f g t) (rensub f g u) 

rensub f g (lam t) 

resp lam (trans (rensub (wk f) (lift g) t) 

(resp (If-* sub f t) (ext (renwklift f g)))) 

Having proved these lemmas relating wk, ren, lift and sub, we can now prove the prop¬ 
erties of composition we need, lift takes composition of substitutions to composition of 
substitutions and sub takes composition of substitutions to composition of functions: 

liftcomp : V{m n o}(f : Sub n o)(g : Sub m n)(i : Fin (s m)) —> 

lift (subComp f g) i = subComp (lift f) (lift g) i 

liftcomp f g fz = refl 

liftcomp f g (fs i) = trans (rensub fs f (g i)) 

(sym (subren (lift f) fs (g i))) 

subcomp : V{m n o}(f : Sub n o)(g : Sub m n)(t : Tm m) —> 
sub (subComp f g) t = (sub f • sub g) t 
subcomp f g (var i) = refl 

subcomp f g (app t u) = resp2 app (subcomp f g t) (subcomp f g u) 
subcomp f g (lam t) 

resp lam (trans (resp (X f —> sub f t) (ext (liftcomp f g))) 

(subcomp (lift f) (lift g) t)) 

Similarly to renaming, there are two functors lurking here, lift is the morphism map 
of an endofunctor on the category of substitutions and sub is the morphism map of a 
functor from the category of substitutions to the category of sets. 
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Having defined sub and proved subid and subcomp, we can fill in the rest of the 
definition of the relative monad, bind is sub, the first law follows from subid, the second 
law holds definitionally and the third law follows from subcomp. 

TmRMonad : RMonad FinF 

TmRMonad = recordfT = Tm; 

T) = var; 

bind = sub; 

lawl = ext subid; 

law2 = ref1; 

law3 = ext (subcomp _)} 

f.2 Well-typed X-terms 

The well-typed A-terms also form a relative monad. First we define some types: an inert 
base type; and a simple function space, 
data Ty : Set where 
l : Ty 

-=*- : Ty -*• Ty —*• Ty 

Contexts are just sequences of types. They will play the role that natural numbers played 
in the well-scoped terms: indicating how many variables are in scope, but also what their 
types are. In this sense, they can be thought of as like natural numbers where the successor 
is labelled with a type, 
data Con : Set where 

£ : Con 

_<_ : Con —> Ty —> Con 

Variables are de Bruijn indices as before. The type of variables is very much like Fin, but 
we have contexts instead of natural numbers to indicate the scope and the type is given 
as an extra type index. For the zeroth variable vz, we can see that its type is guaranteed 

to be the same as the type at the end of the context. The successor vs is essentially 

weakening restricted to variables, it introduces a new variable at the end of the context 
and preserves the type, 
data Var : Con —> Ty —> Set where 
vz : V{T a} Var (T < ct) a 
vs : V{r a t} —* Var T a -> Var (r < x) o 
The type Tm receives the same treatment. It guarantees the that terms are well-scoped 
as before, but now they are also well-typed. An ill-typed term is not a term at all. 
data Tm : Con —> Ty —> Set where 
var : V{r o> -» Var T o -> Tm T a 

app : V{r ct t} —> Tm T (ct => t) —> Tm T ct —» Tm T t 

lam : V{r ct t} -> Tm (r < ct) t —» Tm T (ct => t) 

To show that this datatype gives a relative monad, we must define substitution and 
prove the same properties of it as before (that it respects identity and composition). The 
programs we must write are very similar and so are the proofs. We give the programs in 
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full, but omit the proofs of the substitution properties. Having proved these properties, 
we must also fix some categorical structures (What are the categories? What is J?) to 
complete the relative monad definition. We will describe these in full. 

Given two contexts, renaming is defined to be a type of functions which takes a type as 
an implicit argument and returns a function from variables over one context to variables 
over the other. Notice that the types of the variables preserved. Identity and composition 
are given by identity and composition of functions. 

Ren : Con —> Con —> Set 

Ren r 4 = V {a} —*■ Var T a —> Var A ct 

renld : V{r} —> Ren T T 
renld = id 

renComp : V{B T A} —> Ren T A —> Ren B T —> Ren B A 
renComp f g = f • g 

Before defining the action of a renaming on a term, we explain how to weaken a renaming 
(to push it under a A-abstraction) by introducing a new type (for the bound variable) 
at the end of the context. The type is taken implicitly. The action ren is defined by 
recursion on the term. In the variable case, the renaming is applied, in the application 
case, it is passed to the subterms and, in the A-abstraction case, it is weakened before 
being passed to the body. 

wk : V{r A a} —* Ren T A -» Ren (r < a) (A < a) 

wk f vz = vz 

wk f (vs i) = vs (f i) 

ren : V{r A} —> Ren T A —» V {a} —> Tm T a —> Tm A a 

ren f (var x) = var (f x) 

ren f (app t u) = app (ren f t) (ren f u) 

ren f (lam t) = lam (ren (wk f) t) 

We require the following properties of wk and ren: 

wkid : V{r o x>(x : Var (r < t) a) —> wk renld x = renld x 

renid : V{r a}(t : Tm T a) —* ren renld t = id t 

wkcomp : V {B T A}(f : Ren T A)(g : Ren B T){ct t}(x : Var (B < a) t) —> 

wk (renComp f g) x = renComp (wk f) (wk g) x 

rencomp : V {B T A}(f : Ren T A) (g : Ren B r){a>(t : Tm B a) —> 

ren (renComp f g) t = (ren f • ren g) t 
We omit the proofs, as they have exactly the same structure as their counterparts for 
the well-scoped terms. 

Given two contexts, substitution is defined to be a type of functions which takes a type 
as an implicit argument and returns a type-preserving function from variables over one 
context to terms over the other. 

Sub : Con —> Con —> Set 
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Sub T A = V{a> —> Var T o ^ Tm 1 o 

Before defining the action of a substitution on a term, we explain how to weaken a 

substitution. The zeroth variable is passed straight through, for other variables, we apply 

the substitution and weaken the result (ren vs weakens a term). 

lift : V{r A ct} — > Sub T A —> Sub (r < a) (A < a) 

lift f vz = var vz 

lift f (vs x) = ren vs (f x) 

The action of substitution on a term is defined by recursion on the term. In the variable 

case, the substitution is applied, in the application case, it is passed to the subterms, in 
the A-abstraction case, it is weakened and then passed to the body, 
sub : V-IT A} —> Sub T A —> V{a} —> Tm T a —> Tm A a 

sub f (var x) = f x 

sub f (app t u) = app (sub f t) (sub f u) 

sub f (lam t) = lam (sub (lift f) t) 

The identity is given by the var constructor. Composition is given by lifting the first 
substitution to an operation on terms by applying sub and then using function compo¬ 
sition. 

subld : V{r} —» Sub T T 
subld = var 


subComp : V{B r A} -> Sub F A -> Sub B T -> Sub B A 
subComp f g = sub f • g 

We require the following properties of substitution: 


liftid 

liftwk 

renwklift 

rensub 
liftcomp 
subcomp 


V{r a t}(x : Var (T < a) t) —» lift subld x = subld x 
V{r a}(t : Tm T a) —> sub subld t = id t 

V{B r A}(f : Sub T A) (g : Ren B r){a t}(x : Var (B < ct) 

(lift f • wk g) x = lift (f • g) x 

V{B T A>(f : Sub T A) (g : Ren B D{cf}(t : Tm B a) -> 

(sub f • ren g) t = sub (f • g) t 

V{B r A}(f : Ren T A)(g : Sub B r){a t}(x : Var (B < ct) 

(ren (wk f) • lift g) x = lift (ren f • g) x 

V{B T A>(f : Ren T A) (g : Sub B D{o}(t : Tm B a) -» 

(ren f • sub g) t = sub (ren f • g) t 

V{B r A}(f : Sub T A)(g : Sub B r){o t}(x : Var (B < ct) 

lift (subComp f g) x = subComp (lift f) (lift g) x 

V{B T A}(f : Sub T A) (g : Sub B D{o}(t : Tm B ct) -» 

sub (subComp f g) t = (sub f • sub g) t 


t) - 


t) - 


t) - 


The proofs are omitted. 

We now consider the categorical structure. We start with a category of renamings as 
before. This time, the renamings are typed and the objects of the category are contexts 
instead of natural numbers, the morphisms are renamings as before. Identity and com¬ 
position morphisms are given by identity and composition renamings, these are in turn 
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given by the identity function and composition of functions, hence the categorical laws 
hold definitionally (after applying extensionality for functions with implicit arguments 
iext). 

ConCat : Cat 

ConCat = recordfObj = Con; 

Horn = Ren; 

iden = renld; 

comp = renComp; 

idl = iext X _ —» refl; 

idr = iext X _ —* refl; 

ass = iext X _ —> refl} 

Instead of just have a J be a functor from ConCat to Sets this time it is a functor 
from ConCat to a functor category. The functor category is from the discrete category 
of types to Sets. The discrete category of types has types as objects, and only identity 
morphisms. We represent this as a category where set of morphisms is only inhabited 
when the objects are equal. Identity is given by reflexivity of equality, composition by 
transitivity and proof irrelevance guarantees the required laws: 

TyCat : Cat 

TyCat = recordfObj = Ty; 

Horn = XXY-*X = Y; 
iden = refl; 

comp = X p q —> trans q p; 

idl = ir; 

idr = ir; 

ass = ir} 

Next we define the functor VAR : Fun Concat (FunctorCat TyCat Sets) that plays 
the role of J. We define its object and morphism maps separately. First we define the 
object map: 

OVAR : Con —> Fun TyCat Sets 
OVAR T = recordfOMap = Var T; 

HMap = subst (Var D; 
fid = refl; 

fcomp = X{_ _ _ p q} —> ext (substtrans (Var D q p)} 

For any object in ConCat, a context T, it gives a functor whose object map is given by 
Var T and whose morphism map is given by substitutivity of equality. The type of subst 
says that the equality is substitutive. Its proof says it maps reflexive equations to the 
identity function: 

subst : V{A}(P : A —> Set)fa a’ : A} —> a = a’ —». P a —> P a’ 
subst P refl p = p 

Here P = Var T, A = Ty, so this amounts to saying we can substitute by equal types. 

To prove the functor laws, we check that subst does the right thing with identity 
(reflexivity) and composition (transitivity) in TyCat. The identity property fid holds 



Relative monads formalised 


23 


definitionally as subst computes when the equality proof is refl. For fcomp, we need a 
lemma about substituting by transitive equations which states that subst takes compo¬ 
sition of equations to composition of functions: 

substtrans : V{A}(P : A —*■ Set){a a’ a’’}(p : a = a’)(q : a’ = a’’) —> 

V x — * subst P (trans p q) x = (subst P q • subst P p) x 
substtrans P refl refl x = refl 
Next define the operation on maps for VAR: 

HVAR : V{r A}(f : Ren T A) —> NatT (OVAR D (OVAR A) 

HVAR f = record-fcmp = f; nat = X {_ _ p} —> ext (substren p f)} 

It takes a morphism in ConCat, which is a renaming f : Ren T A, and defines a natural 
transformation between the functors OVAR T and OVAR A. The component of the natural 
transformation cmp is just the renaming f except the component takes the type argument 
explicitly. To prove the naturality condition nat, we need a lemma about commuting 
renamings and the substitution of equality proofs: 

substren : {r A : ConXa t : Ty>(p : a = x) (f : Ren T A) (i : Var T a) —> 
(subst (Var A) p • f) i = (f • subst (Var D p) i 
substren refl f i = refl 

Having defined the object and morphism maps OVAR and HVAR, we can put them together 
to form a the functor VAR: 

VAR : Fun ConCat (FunctorCat TyCat Sets) 

VAR = recordf 

OMap = OVAR; HMap = HVAR; fid = NatTEq refl; fcomp = NatTEq refl} 

We use the previously defined operation NatTEq, which allows us to assert that natural 
transformation are equal, if their components are equal, to dismiss the proof obligations 
for the functor laws. In both case the components are definitionally equal. 

Next, we begin to fill in the definition of the relative monad for Tm: 

TmRMonad : RMonad VAR 

TmRMonad = record {T = ?; q = ?; bind = ?; lawl = ?; Iaw2 = ?; Iaw3 = ?} 
In the case of the well-scoped, terms we plugged in Tm, var, and sub for T, q, and bind 
respectively. Here we have a functor category as our target category, so we must so we 
must lift Tm to be a functor, var to be a natural transformation, and sub to be an 
operation on natural transformations before we can use them. The laws will be lifted 
to equations between natural transformations, but using NatTEq we can reduce this to 
equations between their components. 

We lift Tm to a functor TM which, for any context, T gives a functor whose object map 
is Tm T and whose morphism map is given by subst. This is just like the definition of 
OVAR, but with Var replaced with Tm. 

TM : Con —> Fun TyCat Sets 
TM T = recordfOMap = Tm T ; 

HMap = subst (Tm D; 
fid = refl; 

fcomp = X {_ _ _ p q} —> ext (substtrans (Tm D q p)} 
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We lift var to a natural transformation r|nat whose components are given by var. 
pnat : fT : Con} -> NatT (OVAR D (TM D 

qnat = recordfcmp = var; nat = A{_ _ p} —> ext (substsub p var)} 

The naturality condition requires a lemma like the one we required for commuting sub¬ 
stitution of equations and renamings, except this time it is for substitutions instead: 
substsub : (r 4 : Con}{a t : Ty}(p : a = x) (f : Sub T 4)(i : Var T a) —> 
(subst (Tm A)p*f)i=(f* subst (Var T) p) i 
substsub refl f i = refl 

We lift sub to an operation on natural transformation bindnat whose components apply 
sub to the components of the natural transformation it takes as an argument: 
bindnat : V{r A} -> NatT (OVAR D (TM A ) -> NatT (TM D (TM A) 

bindnat a = recordfcmp = sub (cmp a); 

nat = X{_ _ p} —> ext (substcmp a p)} 

We require another commutativity lemma here for the naturality condition of bindnat: 
substcmp : (T 4 : Con}(a : NatT (OVAR D (TM A)){ct t : Ty} 

(p : ct = t) (t : Tm T ct) —+ 

(subst (Tm A) p • sub (cmp a)) t 

(sub (cmp a) • subst (Tm D p) t 
substcmp a refl t = refl 

We can now fill in the rest of the definition of TmRMonad giving TM, qnat, bind for T, q 
and bind respectively. To prove the laws, we apply NatTEq and then they follow from 
subid, reflexivity and subcomp respectively. 

TmRMonad : RMonad VAR 

TmRMonad = recordfT = TM; 

q = qnat; 

bind = bindnat; 

lawl = NatTEq (iext X _ —> ext subid); 

law2 = NatTEq refl; 

law3 = NatTEq (iext (X _ —> ext (subcomp _ _)))} 

5 Adjunctions and relative adjunctions 

An adjunction is structure between two categories C and D. It is carried by two functors 
L and R. There are many options regarding the further data and laws. We choose to 
accompany the two functors by a natural bijection between Horn D (OMap L X) Y and 
Horn C X (OMap R Y) natural in X and Y. The fields left and right give the functions 
in the two directions, lawa and lawb assert they are mutually inverse, and natleft 
and natright assert the naturality conditions. We could excise the definition of natu¬ 
ral isomorphism, but as we only use it here, we stick with this flat definition to avoid 
unnecessary packing and unpacking, 
record Adj (C D : Cat) : Set where 
field L : Fun C D 
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R : Fun D C 

left : {X : Obj CHY : Obj D> 

Horn D (OMap L X) Y -t Horn C X (OMap R Y) 
right : {X : Obj CHY : Obj D} 

Horn C X (OMap R Y) -t Horn D (OMap L X) Y 
lawa : {X : Obj CHY : Obj D}(f : Horn D (OMap L X) Y) -t 
right (left f) = f 

lawb : {X : Obj CHY : Obj D>(f : Horn C X (OMap R Y)) -t 
left (right f) = f 

natleft : {X X’ : Obj CHY Y’ : Obj D> 

(f : Horn C X’ X)(g : Horn D Y Y’) 

(h : Horn D (OMap L X) Y) -» 

comp C (HMap R g) (comp C (left h) f) 

left (comp D g (comp D h (HMap L f))) 
natright : {XX 1 : Obj C}{Y Y’ : Obj D> 

(f : Horn C X> X)(g : Horn D Y Y>) 

(h : Horn C X (OMap R Y)) —> 

right (comp C (HMap R g) (comp C h f)) 

comp D g (comp D (right h) (HMap L f)) 

Relative adjunctions are defined similarly. A relative adjunction goes between a func¬ 
tor J : Fun C D and a category E. It is a given by two functors L : Fun C E and 
R : Fun E D and further data. This time, the bijection is between Horn E (OMap L X) Y 

and Horn D (OMap J X) (OMap R Y). As X is taken from C not D, we must apply OMap J 

to rectify this mismatch in the type of the bijection. The isomorphism and naturality 
conditions are adjusted accordingly. 

record RAdj {C D : Cat}(J : Fun C D)(E : Cat) : Set where 
field L : Fun C E 
R : Fun E D 

left : {X : Obj CHY : Obj E> -»■ 

Horn E (OMap LX) Y —> Horn D (OMap J X) (OMap R Y) 
right : {X : Obj CHY : Obj E> 

Horn D (OMap J X) (OMap R Y) -t Horn E (OMap L X) Y 
lawa : {X : Obj CHY : Obj E}(f : Horn E (OMap L X) Y) —> 
right (left f) = f 

lawb : {X : Obj CHY : Obj E}(f : Horn D (OMap J X) (OMap R Y)) —> 
left (right f) = f 

natleft : {X X’ : Obj CHY Y’ : Obj E> 

(f : Horn C X> X)(g : Horn E Y Y’) 

(h : Horn E (OMap L X) Y) -t 

comp D (HMap R g) (comp D (left h) (HMap J f)) 
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left (comp E g (comp E h (HMap L f))) 
natright : {XX’ : Obj C}{Y Y’ : Obj E> 

(f : Horn C X> X) (g : Horn E Y Y') 

(h : Horn D (OMap J X) (OMap R Y)) -t 

right (comp D (HMap R g) (comp D h (HMap J f))) 

= 

comp E g (comp E (right h) (HMap L f)) 

An ordinary adjunction is a special case of a relative adjunctions where the functor J is 
the identity functor IdF. 

Given an ordinary adjunction between two categories D and E, we can restrict it to a 
relative adjunction between a functor J : Fun C D and the category E by post-composing 
(using functor composition _o_) the left adjoint L with J. The bijection follows from 
the bijection of the adjunction where X = OMap J X. The naturality follows from the 
naturality of the adjunction where f = HMap J f : 

restricts : {C D E : Cat}(J : Fun C D) -*■ Adj D E -» RAdj J E 

restrictA J A = recordfL = L A o J; 

R = R A; 

left = left A; 

right = right A; 

lawa = lawa A; 

lawb = lawb A; 

natleft = natleft A • HMap J; 

natright = natright A • HMap J} 

The adjoint functors of any adjunction can be composed to form a monad. This con¬ 
struction can be generalised to relative monads. Given a relative adjunction on J be¬ 
tween functors F and G the object map of the relative monad T arises by composing 

the object maps of the functors OMap G • OMap F. To define p, we must produce a 

map from OMap J X to OMap G (OMap F X) which we do by applying left at the iden¬ 
tity in D at OMap L X. For bind, we need to define a function which takes morphisms 

of from OMap J X to OMap G (OMap F Y) to morphisms from OMap G (OMap F X) to 

OMap G (OMap F Y) for any X and Y. We first apply then right to give a morphism of 
type OMap F X to OMap F Y and then we apply HMap G. The laws follow from the laws 
of the monad and from functor laws. We omit the proof terms. 

Adj 2Mon : V{C D E>{J : Fun C D} —> RAdj J E -t RMonad J 

Adj2Mon A = record{T = OMap (R A) • OMap (L A); 

T] = left A (iden E) ; 

bind = HMap (R A) • right A; 
lawl = ?; 
law2 = ?; 
law3 = ?> 

Any monad can be split into an adjunction. There are two canonical ways to do this: one 
is due to Kleisli; and the other is due to Eilenberg and Moore. These constructions can 
be generalised to relative monads. We consider the relative Kleisli adjunction first. 
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5.1 Kleisli 

The relative Kleisli category is defined for a relative monad M on J : Fun C D. The cat¬ 
egory K1 M is has objects of C as its objects. Its morphisms are given by morphisms in 
D from OMap J X to T M Y. Identity is given by the p of the relative monad M and com¬ 
position of two functions f : Horn D (OMap J Y) (T M Z) and g : Horn D (OMap J X) 
(T M Y) is given by composition in D of bind M f with g. The left identity law follows 
from the first law of the relative monad and the left identity law of the category D, 
the right identity law follows immediately from the second relative monad law, and the 
associativity law follows from the third relative monad law and associativity in D. 

K1 : V{C DHJ : Fun C D> -* RMonad J -> Cat 
K1 {CHDHJ} M = recordf 

Obj = Obj C; 

Horn = X X Y -> Horn D (OMap J X) (T M Y) ; 

iden = r| M; 

comp = A f g —> comp D (bind M f) g; 

idl = X{_ _ f> —> trans (resp (X g —> comp D g f) (lawl M)) (idl D); 

idr = law2 M; 

ass = XTOttHYHZHfHgHh} - 

trans (resp (X f —» comp D f h) (law3 M)) (ass D)} 

The Kleisli category of an ordinary monad can be recovered by setting C = D and 
J = IdF. 

We define the left adjoint of the relative Kleisli adjunction as follows: 

RK1L : V{C DHJ : Fun C D}(M : RMonad J) -> Fun C (K1 M) 

RK1L {CHDHJ} M = recordf 

OMap = id; HMap = X f —* comp D (p M) (HMap J f); fid = ?; fcomp = ?} 

On objects, it does nothing (the objects are the underlying objects of C). On mor¬ 

phism is lifts a morphism f : Horn C X Y to a morphism HMap J f : Horn D (OMap J X) 
(OMap J Y) and composes it with p M Y to give a morphism in Horn D (OMap J X) 
(T M Y). The fid law follows from the fid law for J and right identity of D. The fcomp 
law follows from fcomp for J, associativity in D, and the second relative monad law for M. 

The right adjoint is even more straightforward: 

RK1R : V{C D}{J : Fun C D}(M : RMonad J) -> Fun (K1 M) D 

RK1R M = record{OMap = T M; HMap = bind M; fid = lawl M; fcomp = law3 M} 

We can show that this forms an adjunction by defining: 

KlAdj : V{C D}{J : Fun C D}(M : RMonad J) -> RAdj J (K1 M) 

KlAdj M = record{L = RK1L M; 

R = RK1R M; 

left = id; 

right = id; 

lawa = X _ —> refl; 

lawb = X _ —> refl; 

natleft = ?; 
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natright = ?} 

The bijection holds definitionally and both naturality conditions follow from the second 
relative monad law for M and associativity in D. We omit the proof terms. 

Again, we can recover the the ordinary Kleisli adjunction by setting C = D and J = 
IdF C. The Kleisli categories for the examples of the well-typed and well-scoped terms 
are their respective categories of substitutions. We omit the the definitions but note that 
we have defined and proved all the pieces we need already to do so. 


5.2 Eilenberg-Moore 


The Eilenberg-Moore category of a monad is the category of algebras for the monad 
and algebra morphisms between them. The ordinary notion of an algebra for a monad 
T : C —> C is given by a pair of an object A in C and a morphism a from T A to A, 
subject to some laws. Instead of attempting to generalise this notion directly we take an 
alternative, but equivalent, version and generalise that. We take an algebra for a monad 
T to be pair of an object A in C as before and an operation a on morphisms that, for 
any object X in C and for any morphism from X to A, gives a morphism from T X to 
A. Applying a to A and the identity morphisms on A recovers the original version. 

An algebra for a relative monad M over a functor J : Fun C D is defined as follows: 


record RAlg {C 
field acar 
astr 
alawl 


alaw2 : 


D : CatHJ : Fun C D}(M : RMonad J) : Set where 
Obj D 

V {Z} —*■ Horn D (OMap J Z) acar —> Horn D (T M Z) acar 

V {ZHf : Horn D (OMap J Z) acar} -> 
f = comp D (astr f) (t) M) 

: VfZHWHk : Horn D (OMap J Z) (T M W)> 

{f : Horn D (OMap J W) acar} —> 

astr (comp D (astr f) k) = comp D (astr f) (bind M k) 


It has a carrier acar in D and an algebra structure astr that, for any Z : Obj C (taken 
implicitly), takes a morphism from OMap J Z to acar to a morphism from T M Z to acar, 
subject to two laws which state that the algebra structure astr interacts appropriately 
with the q and bind of the monad. These laws play the same role as the usual laws for 
an algebra of a monad and in the case of an ordinary monad (an relative monad on the 
identity functor) they are equivalent. 

The definition of an algebra morphism for a relative monad contains a morphism on 
the underlying objects of the algebra, as usual, and a homomorphism condition stating 
we can apply the morphism first and then the algebra structure, or the other way around, 
to yield the same result. The formulation of this condition is slightly different from the 
usual formulation of an algebra morphism for a monad as we have a different notion of 
algebra structure. 


record RAlgMorph {C D : CatHJ : Fun C D}{M : RMonad J} 

(A B : RAlg M) : Set where 
field amor : Horn D (acar A) (acar B) 

ahom : V{Z}{f : Horn D (OMap J Z) (acar A)} —> 

comp D amor (astr A f) = astr B (comp D amor f) 
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We define a useful lemma stating that any two algebra morphisms are equal, if the un¬ 
derlying morphisms are equal. This is analogous to the NatTEq lemma for natural trans¬ 
formations and such properties are very useful, whenever we define a category where the 
morphisms are records. We give only its type here. The proof follows from extensionality 
and proof irrelevance after using the f ixtypes lemma. 

RAlgMorphEq : V{C D}{J : Fun C D}{M : RMonad J}{X Y : RAlg M> 

{f g : RAlgMorph X Y} -t amor f = amor g —> f = g 
Next we define identity and composition of morphisms: 

IdMorph : V{C D}{J : Fun C D}{M : RMonad J}{A : RAlg M> RAlgMorph A A 
IdMorph {CHD} = recordfamor = iden D; ahom = ?} 

CompMorph : V{C D}{J : Fun C D}{M : RMonad J}{X Y Z : RAlg M> -► 

RAlgMorph Y Z -t RAlgMorph X Y —> RAlgMorph X Z 
CompMorph {C}{D} f g = recordfamor = comp D (amor f) (amor g); ahom = ?} 
The underlying morphisms are just formed by identity and composition (of the underlying 
morphisms of the algebra morphisms being composed) in D. For the identity morphism, 
the naturality condition follows from left unit law in D and, for the composition mor¬ 
phism, it follows from the naturality properties of the morphisms being composed and 
associativity in D. To be able to define an relative EM category we must also prove the 
left and right unit laws, and associativity laws for algebra morphisms. After applying 
RAlgMorphEq, they each follow from the corresponding property of the category D: 
idlMorph : V{C D}{J : Fun C D}{M : RMonad J> 

{X Y : RAlg MHf : RAlgMorph X Y} -t CompMorph IdMorph f B f 
idlMorph {CHD} = RAlgMorphEq (idl D) 

idrMorph : V{C D}{J : Fun C D}{M : RMonad J} 

{X Y : RAlg MHf : RAlgMorph X Y} -t CompMorph f IdMorph B f 
idrMorph {CHD} = RAlgMorphEq (idr D) 

assMorph : V{C D}{J : Fun C D}{M : RMonad J}{W X Y Z : RAlg M} 

{f : RAlgMorph Y Z}{g : RAlgMorph X Y}{h : RAlgMorph « X} -* 
CompMorph (CompMorph f g) h = CompMorph f (CompMorph g h) 
assMorph {C}{D} = RAlgMorphEq (ass D) 

Having defined, algebras, algebra morphism, identity, composition, and proved the laws, 
we can put them together to define the EM category: 

EM : V{C D}{J : Fun C D} —> RMonad J Cat 
EM M = record{0bj = RAlg M; 

Horn = RAlgMorph; 
iden = IdMorph; 
comp = CompMorph; 
idl = idlMorph; 
idr = idrMorph; 
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ass = assMorph} 

Having defined the category EM, we can now define the left and right adjoint functors 
that make up the relative EM adjunction: 

REML : V{C D}{J : Fun C D}(M : RMonad J) -»• Fun C (EM M) 

REML {CHDHJ} M = record { 

OMap = X X —> recordfacar = T M X; 

astr = bind M; 
alawl = sym (law2 M); 
alaw2 = law3 M>; 

HMap = X f —> record {amor = bind M (comp D (r) M) (HMap J f)); 
ahom = sym (law3 M)}; 

fid = ?; 
fcomp = ?> 

For objects of C, the left adjoint creates algebras by applying the monad map T M to them 
and defining the algebra structure to be bind M. The laws follow from the second and 
third monad laws. It is interesting to note that in the case of ordinary monads (where 
C = D and J = IdF), this version of algebras uses bind exactly where the standard 
version would use the multiplication of the monad p. For morphisms, we lift morphisms 
from X to Y in C to morphisms in D from T M X to T M Y by applying HMap J, composing 
with p M Y and then applying bind M. The homomorphism condition ahom of the algebra 
morphism follows from the third monad law. It remains to prove the functor laws for 
the left adjoint. These follow from the corresponding functor laws for J, the monad laws 
(first and third respectively) and the laws of the category D. 

The right adjoint is much simpler as it is throws away the algebra structure rather 
than constructs it: 

REMR : V{C D}{J : Fun C D}(M : RMonad J) -> Fun (EM M) D 
REMR M = record{0Map = acar; HMap = amor; fid = refl; fcomp = refl} 
On objects, it projects the underlying object and on morphisms it projects the underlying 
morphism. The functor laws hold definitionally. 

Next we combine these functors to form a relative adjunction. This time the bijection 
does not hold definitionally and we have to do some work: 

REMAdj : V{C D}{J : Fun C D}(M : RMonad J) -> RAdj J (EM M) 

REMAdj {CHD} M = record{L = REML M; 

R = REMR M; 

left = X f —*■ comp D (amor f) (p M); 
right = X{X}{B> f -> 

recordfamor = astr B f; ahom = sym (alaw2 B)}; 

natleft = ?; 
natright = ?} 

To go left, we must construct a morphism of type Horn D (OMap J X) (AObj B) from an 
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algebra morphism f between an algebra whose object is T M X and an algebra B. amor f 
gives us a morphism of type Horn D (T M X) (acar B) and by composing with q M X 
we get a morphism of the right type. To go right, we must reverse the process: given a 
morphism f : Horn D (OMap J X) (acar B), we must construct an algebra morphism. 
We apply the algebra structure of B at X to f to give the underlying morphism (whose 
type is Horn D (T M X) (acar B)) and the homomorphism condition follows from the 
second algebra law for B. The laws lawa, lawb, natleft, and natright follow from the 
first monad law for M, the first algebra law for B, the second monad law for M, and the 
first algebra law for B respectively. 

5.3 Set-model of the well-typed X-terms 

The set-model of the well-typed A-terms form an relative EM algebra for the relative 
monad TM in quite a natural way. The idea is to define interpretation of object level 
types as Agda types, and an evaluator (the interpretation of terms) which maps terms 
to values (the interpretation of types) given a suitable environment (environments are 
interpretations of contexts). One could also say that a term t : Tm T a is interpreted 
as a function from the interpretation of the context Env T to the interpretation of the 
type Val a. 

The values form the carrier of the algebra and the evaluator forms the algebra structure. 
Let us look at the construction in detail. First we define the interpretation of object 
types Ty as Agda types Sets. 

Val : Ty -> Set 

Val i = One 

Val (a =* t) = Val a -> Val x 

The inert base type is interpreted as the unit type but another type such as Nat would 
do the same job as it only contains neutral terms for the the simply-typed A-calculus. 
The object level function space is interpreted as the meta-level (Agda) function space. 
Together with the datatype Ty, the set-valued function Val is a very simple, and very 
useful, example of a universe construction. 

Next we interpret contexts as environments, they are like substitutions, but emit values 
over a type instead of terms over a context and type. We also define an operation _«_ 
to extend an environment by a new value which we will need for the evaluator. 

Env : Con —> Set 

Env T = V{a} -> Var T a -> Val a 

_«_ : V{T a} —> Env T —> Val a —> Env (T < a) 

(Y « v) vz = v 
(y « v) (vs x) = y x 

Given Val, Env and _«_ we have all that we need to define a simple evaluator: 

eval : V{T a} —► Env T -> Tm T a Val ct 

eval y (var x) = y x 

eval y (app t u) = eval y t (eval y u) 

eval y (lam t) = X v —> eval (y « v) t 
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It takes a environment over T, a term in context T of type a and emits a value of type a. In 
the variable case, it looks up the variable in the environment. In the case of application, 
we evaluate the function in the environment to give a real Agda function which we can 
then run it on the evaluated argument. In the case of A-abstraction, we must produce 
a function. We define this as a meta level (Agda) A-abstraction which takes a value of 
appropriate type. When this argument value arrives the evaluator will evaluate the body 
t in the original environment extended with the new value v. We have essentially created 
a closure. That is the end of our program. We now need to prove some properties and 
perform some categorical constructions to show that the set model forms an algebra. 

We need five lemmas to proceed. The first lemma shows that we can commute evalu¬ 
ation with substitution by a type equation: 

substeval : V{a x}(p : a = x){r : Con}{y : Env T}(t : Tm T a) —> 

(subst Val p • eval y) t = (eval y • subst (Tm T) p) t 
substeval refl t = refl 
The second lemma show that wk commutes with 
wk« : V{r A}(a : Ren T A) (p : Env A){a}(v : Val a) —» 

VfpXy : Var (T < a) p) —> ((p • a) « v) y = (p « v) (wk a y) 

wk« a p v vz = refl 

wk« a p v (vs x) = refl 

The third shows that we can commute renaming and evaluation: 
reneval : V{r A a}(a : Ren F A)(p : Env A)(t : Tm T a) —> 

eval (eval p • var • a) t = (eval p • ren a) t 

reneval a p (var x) = refl 
reneval a p (app t u) = 

resp2 (A f x —> f x) (reneval apt) (reneval a p u) 
reneval a p (lam t) = ext X v —> 

trans (resp (X y —+ eval y t) (iext X _ —> ext (wk« a p v))) 

(reneval (wk a) (p « v) t) 

The fourth shows that we can lift and context extension in evaluation: 
lifteval : V{r A ct x}(a : Sub T A)(p : Env A) 

(v : Val a)(y : Var (T < ct) x) —> 

((eval p • a) « v) y = (eval (p << v) • lift a) y 

lifteval a p v vz = refl 

lifteval a p v (vs x) = reneval vs (p << v) (a x) 

The fifth lemma shows that we can commute evaluation and substitution: 
subeval : V{T A a}(a : Sub F A)(p : Env A)(t : Tm T a) —f 
eval (eval p • a) t = (eval p • sub a) t 
subeval a p (var x) = refl 
subeval a p (app t u) = 

resp2 (X f x —> f x) (subeval apt) (subeval a p u) 
subeval a p (lam t) = ext X v —> 

trans (resp (X y —> eval y t) (iext X _ —> ext (lifteval a p v))) 
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(subeval (lift a) (p « v) t) 

Given these lemmas, we can show that the set model forms an relative EM algebra: 

modelRAlg : RAlg TmRMonad 
modelRAlg = recordf 

acar = record-fOMap = Val; 

HMap = subst Val; 
fid = ext X _ —» refl; 

fcomp = X {_ _ _ p q} —> ext (substtrans Val q p)}; 
astr = X a —> recordfcmp = eval (cmp a); 

nat = X{_ _ p> —> ext (substeval p)}; 

alawl = NatTEq refl; 

alaw2 = NatTEq (iext (X _ —> ext (subeval _ _)))> 

Let us go through the definition of modelRAlg step by step. To define an algebra, we 
must give a carrier acar which is an object in FuntorCat TyCat Sets which is a functor 
from TyCat to Sets. Its object map is given by Val and its morphism map by subst Val. 
The functor laws follows from reflexivity (as subst computes when the equality proof is 
reflexive) and the property of subst for transitivity (which is composition of morphisms 
in TyCat) we proved earlier. To define the algebra structure, we must give a morphism 
in FunctorCat TyCat Sets which for any context T is an operation on natural trans¬ 
formations. This operation takes a natural transformation whose components given by 

V {ct> —> Var T a —> Val a to a natural transformation whose components have type 

V {ct> —> Tm T a —> Val a. This is exactly the type of the evaluator eval, so we plug 
the components of the given natural transformation into the evaluator. The naturality 
condition is taken care of by the lemma substeval we proved above. All that remains is 
to prove the two algebra laws. After applying NatTEq in both cases, the first law holds 
definitionally and the second follows from the last lemma subeval we proved above. 

5-4 Extensional X-models of the well-scoped X-calculus 

The is no set-model of the well-scoped (untyped) A-terms. So, instead we do something 
more general: we give a specification for a model and show that any such model yields a 
relative EM-algebra. 

We define an extensional A-model in the same style as we have defined other mathemat¬ 
ical structures. It has some data: a set S; an operation eval that, given an appropriate 
environment, evaluates a well-scoped term to give a value in S; and an operation ap 
which performs application on values in S. The behaviour of these data is governed by 
four laws: three laws governing how the syntax is evaluated (notice that the law for lam 
applies only in the presence of an argument); and an extensionality principle, 
record LambdaModel : Set where 
field S : Set 

eval : V{n} —> (Fin n —> S) —* Tm n —> S 
ap : S —> S —* S 

lawvar : V{n}{i : Fin n}{y : Fin n —> S} —> eval y (var i) = y i 
lawapp : V{n}{t u : Tm n}{y : Fin n —> S} —> 
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eval y (app t u) = ap (eval y t) (eval y u) 
lawlam : V{n}{t : Tm (s n)}{y : Fin n —> SMs : S> —* 
ap (eval y (lam t)) s = eval (y « s) t 
lawext : V{f g : S} —> ((a : S) —> ap f a = ap g a) —> f = g 
In the definition of lamlaw, we need to be able to extend the environment, so we imple¬ 
ment an operation to do this: 

_«_ : V{n X> (Fin n -* X) -> X -► Fin (s n) -> X 
(f « x) fz = x 
(f « x) (fs i) = f i 

To define an EM-algebra, we require versions of exactly the same lemmas as we required 
for set-model in the typed-case. We omit their proofs and given only the types. There 
is one key difference in the proofs which is that we must explicitly use the equations 
lawvar, lawapp, lawlam. In the case of the set-model, where eval and ap are functions, 
these principles held definitionally and were invisible in the proofs. 
wk« : V(1 : LambdaModel){m n}(a : Fin m —> Fin n) (p : Fin n —> S 1) 
(v : S 1) —* (y : Fin (s m)) —> 

((P • a) « v) y It (p « v) (wk a y) 

reneval : V(1 : LambdaModel){m n}(a : Fin m —> Fin n)(p : Fin n —* S 1) 

(t : Tm m) —» 

eval 1 (eval 1 P • (var • a)) t = (eval 1 P • ren a) t 
lift<< : V(1 : LambdaModel){m n}(y : Fin m —> Tm n)(a : Fin n —* S 1) 

(a : S 1) (i : Fin (s m)) -» 

((eval 1 a • y ) <<a) i = (eval 1 (a « a) • lift y) i 
subeval : V(1 : LambdaModel){m n}(t : Tm m) 

(y : Fin m —> Tm n) (a : Fin n —> S 1) —> 

eval 1 (eval 1 a • y) t = (eval la* sub y) t 

Having proved subeval (using the three previous lemmas), we can define a relative EM 
algebra on the monad TmRMonad: 

TmRAlg : LambdaModel —> RAlg TmRMonad 
TmRAlg 1 = recordfacar = S 1; 

astr = eval 1; 

alawl = ext A _ —> sym (lawvar 1); 
alaw2 = ext X t —> subeval 1 t _ 

The object is given by the set S and the map by eval. The first law follows from lawvar 
(recall that this followed definitionally in the set-model) and the second from the lemma 
subeval. 

6 Conclusion 

We have presented a self-contained and detailed account of our formalisation of relative 
monads and relative adjunctions, with some examples. 

Due to reasons of space, we have not described everything we have formalised. Every 
construction we have performed for relative monads has also been carried out for ordinary 
monads as well. Here in the paper we have included only the definitions of ordinary 
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monads and adjunctions. We have done this for both styles of monads, i.e., for Manes 
style with an object mapping T and operations q bind and also as a functor T with 
natural transformations p and p. We have also formalised the Yoneda lemma in Agda 
(with the intention of using it for the example of arrows as a relative monad on the 
Yoneda embedding), and a further example of finite-dimensional vector spaces. 

To complete the formalisation of section 2 of (Altenkirch, Chapman, and Uustalu 2010), 
we would very much like to able to show that the relative Kleisli and Eilenberg-Moore 
constructions of a relative monad are respectively initial and final in the category of its 
splittings into relative adjunctions. This is currently not possible in Agda for performance 
reasons (not even for ordinary monads). There is a space leak due to a loss of sharing 
when using records. This is particularly acute for our formalisation which uses records 
extensively. Defining the category of splittings is currently one step beyond what we can 
achieve. 

Formalisation of the further theory of relative monads (Sections 3, 4 of (Altenkirch, 
Chapman, and Uustalu 2010)) requires Kan extensions. We expect that our calculus of 
coends as presented in Section 3.1 of (Altenkirch, Chapman, and Uustalu 2010) lends 
itself to formalisation, but this is future work. We also plan to advance our running 
examples, as we add more of the relative monads machinery, and also to give a treatment 
of the further example of arrows as relative monads (Section 5 of (Altenkirch, Chapman, 
and Uustalu 2010)). 

We have already discussed the question of extensionality. For the formalisation done 
so far it is sufficent to assume functional extensionality but going further would require 
quotient types in particular to develop the coend calculus. This can be achieved by 
adding further postulates which state that every setoid gives rise to a set. Formally 
this corresponds to using a type theory with exact coequalizers, this is often refered 
to as a predicative topos (van den Berg 2010). Clearly, adding postulates to Agda is 
unsatisfying for several reasons: first of all arbitrary postulates could be easily unsound, 
and second the resulting type theory is computationally not well behanved forcing us to 
prove equations which should just be definitional equalities. We hope that the situation 
will improve once implementations of Observational Type Theory (Altenkirch, McBride 
and Swierstra 2007) become available and ready for serious formalisations. 
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